WebSocket Vulnerability in Cline Hub Dashboard Prior to Version 3.0.30
CVE-2026-59723
8.8HIGH
What is CVE-2026-59723?
Prior to version 3.0.30, the Cline Hub dashboard server allowed unauthenticated WebSocket connections on the /browser endpoint, exposing it to potential attacks. The server failed to validate the Origin header, enabling unauthorized websites to send commands that could read and manipulate workspace settings. This vulnerability posed significant risks when the ROOM_SECRET was not configured for local 127.0.0.1 bindings, allowing attackers to execute commands potentially harmful to user data and application integrity. This issue has been remediated in version 3.0.30.
Affected Version(s)
cline < 3.0.30
